CLAIMS 



1-28. (canceled) 

29. (currently amended) A method for the secure initialization of mobile data carriers (IM) 
within the frame of an authorization system (A), comprising the steps of: 

generating wherein said initialization data (DI, A-I, I-I) (DI) are generated in an authorization
process in a secure environment (g) at a remote authorization authority (HA) by means of 
authorization means (AM) 

said initialization data (DI) comprising authorization information (A-I) and initialization 
information (I-I) and being application-specific or system-specific and being used to initialize a
new data carrier, a new application (App3) or an extension of an application (App2.2),

sending said initialization data (DI) are sent over a network (N) in a secure communication
according to security rules corresponding to the authorization system (A)

to a decentralized authorized read and write station (A-WR) in an unsecured environment (u), 

where the mobile data carriers (IM) are initialized (IMj) with the initialization data (DI)
and using said initialization data (DI) at said decentralized authorized read and write station
(A-WR) to initialize a new mobile data carrier (IMi), a new application (App3) or an extension of an
application (App2.2).

30. (canceled) 

31. (currently amended) The method according to claim 29, further characterized by using
wherein the authorization means (AM) are consisting of special authorization identification
media (AM-IM) or of authorization data (AM-I) as authorization means (AM).

32-38. (canceled) 

39. (currently amended) The method according to claim 29, further characterized by
initializing wherein with the initialization data (DI3) new independent applications (App3) are
initialized, with said initialization data.

40. (currently amended) The method according to claim 29, further characterized by
initializing new applications (App) wherein in a blank mobile data carrier which is prepared with
a system data field (CDF) applications (App) are newly initialized with said the initialization
data (DI).

41. (canceled) 

42. (currently amended) The method according to claim 29, wherein further characterized by 
establishing a connection between said authorization authority (HA) and said
decentralized read and write stations (A-WR, WR) over the network (N) is only made 
occasionally and when an exchange of data takes place. 

43. (currently amended) The method according to claim 29, wherein for the initialization a 
said initialization an additional user authorization (aw) is effected by the read and write station
(A-WR, WR), or by its owner (12) or an additional identification authorization means (ID-AM)
is required used.

44. (currently amended) The method according to claim 29, wherein for said initialization an 
additional an initialization a user authorization (ai) by the data carrier or by the owner (13) of the
data carrier takes place is carried out.

45. (currently amended) The method according to claim 29, wherein for the authorization of 
initializations over the network (N), as well as for the execution of applications at the read and 
write station (A-WR, WR), at the data carrier (IM) further characterized by using personal data
(aw) of the owner of the read and write station or personal data (ai) of the owner of the data
carrier, are used as authorization means for the authorization of initializations over the network
(N), as well as for the execution of applications at the read and write station (A-WR, WR).

46. (currently amended) The method according to claim 29, wherein the further
characterized by using mobile data carriers (IM) comprise comprising an application
microprocessor (AppuP) for the processing of application program data (I-I-Cod).

47. (currently amended) The method according to claim 29, wherein the further
characterized by using data carriers (IM) which are designed as contact-less, active or passive
identification media.

48. (canceled) 

49. (currently amended) The method according to claim 29, wherein further characterized by 
sending status informations (S-I) concerning events at the authorized, or at the decentralized read 
and write stations (A-WR, WR) and/or at the mobile data carriers (IM) are sent to a
corresponding authorization authority (HA) over the network (N). 

50. (currently amended) The method according to claim 49, wherein the further 
characterized by using said status informations (S-I) are utilized for usage or license fee debiting.

51-56. (canceled) 

57. (currently amended) A mobile data carrier (IMj) for the communication with assigned 
decentralized read and write stations (WR, WRk) in an unsecured environment (u) within the 
frame of an authorization system (A), said mobile data carrier being affiliated to said 
authorization system (A) by a basic system preparation and comprising

a memory (CDF, ADF) with initialization data (DI), comprising authorization information (A-I)
and initialization information (I-I), 

which are application-specific or system-specific and which are used to initialize the mobile data 
carrier (IMj), a new application (App3) or an extension of an application (App2.2),

wherein said initialization data (DI, A-I, I-I) (DI) were generated in an authorization process in a
secure environment (g) at a remote authorization authority (HA) by means of authorization 
means (AM) 

and said initialization data were sent over a network (N) in a secure communication according to 
security rules corresponding to the authorization system (A) 

to a decentralized authorized read and write station (A-WR) in an unsecured environment (u)

and where the mobile data carrier was initialized (IMj) with said initialization data (DI) by said
decentralized authorized read and write station (A-WR). 

58. (currently amended) A decentralized read and write station (WRk) in an unsecured 
environment (u) for the communication with assigned mobile data carriers (IM, IMj) within the
frame of an authorization system (A), said read and write station being affiliated to said
authorization system (A) by a basic system preparation and comprising

a memory with initialization data (DI) comprising authorization information (A-I) and 
initialization information (I-I) 

which are application-specific or system-specific and which are used to initialize a new
application (App3) or an extension of an application (App2.2),

wherein said initialization data (DI, A-I, I-I) (DI) were generated in an authorization process in a
secure environment (g) at a remote authorization authority (HA) by means of authorization 
means (AM) 

and said initialization data were sent over a network (N) in a secure communication according to 
security rules corresponding to the authorization system (A) 

to a the decentralized read and write station (WR) in an unsecured environment (u) 

and by means of said initialization data (DI) the which said decentralized read and write station
is was initialized (WRk) with a new application (App3) or an extension of an application
(App2.2).

59. (currently amended) A method for the secure initialization of decentralized read and 
write stations (WR) within the frame of an authorization system (A), comprising the steps of: 

generating wherein initialization data (DI) and comprising authorization information (A-I) and
initialization information (I-I), are generated in an authorization process in a secure environment
(g) at a remote authorization authority (HA) by means of authorization means (AM)

said initialization data (DI) (DI, A-I, I-I) comprising authorization information (A-I) and
initialization information (I-I) and being application-specific or system-specific and being used
to initialize a new application (App3) or an extension of an application (App2.2),

sending and said initialization data (DI) are sent over a network (N) in a secure communication
according to security rules corresponding to the authorization system (A)

to a decentralized read and write station (WR) in an unsecured environment (u), 

using said initialization data (DI) to initialize by means of which said decentralized read and
write station is initialized (WRk) with a new application (App3) or an extension of an application
(App2.2).

60. (currently amended) The method according to claim 59, further characterized by using
wherein the authorization means (AM) are consisting of special authorization identification
media (AM-IM) or of authorization data (AM-I) as authorization means (AM).

61. (currently amended) The method according to claim 59, wherein further characterized by
transforming a (non-authorized) decentralized read and write station (WR) at first is transformed
into an authorized read and write station (A-WR) by means of function authorization data
(A-I-FA) which are contained in the initialization data (DI), and which subsequently is capable of
initializing mobile data carriers (IM) in correspondence with the initialization data.

62. (currently amended) The method according to claim 59, wherein further characterized by 
establishing a connection between the said authorization authority (HA) and the said 
decentralized read and write stations (A-WR, WR) over the network (N) is only made
occasionally and when an exchange of data takes place. 

63. (currently amended) The method according to claim 59, wherein for the initialization a
said initialization an additional user authorization (aw) is effected by the read and write station
(A-WR, WR), or by its owner (12) or an additional identification authorization means (ID-AM)
is required used.

64. (currently amended) The method according to claim 59, wherein for the authorization of
initializations over the network (N), as well as for the execution of applications at the read and
write station (A-WR, WR), at the data carrier (IM) further characterized by using personal data
(aw) of the owner of the read and write station or personal data (ai) of the owner of the data
carrier, are used as authorization means for the authorization of initializations over the network
(N), as well as for the execution of applications at the read and write station (A-WR, WR).

65. (currently amended) The method according to claim 59, wherein the further 
characterized by using data carriers (IM) which are designed as contact-less, active or passive
identification media. 

66. (currently amended) The method according to claim 59, wherein further characterized by 
sending status informations (S-I) concerning events at the authorized, or at the decentralized read 
and write stations (A-WR, WR) and/or at the mobile data carriers (IM) are sent to a 
corresponding authorization authority (HA) over the network (N). 

67. (currently amended) The method according to claim 66, wherein the further
characterized by using said status informations (S-I) are utilized for usage or license fee debiting.